I have a two classes “User Profile” and “FingerprintProfile” which extend an abstract class “Profile”.
Profile:
/**
* Template for User profiles or Fingerprint profiles
*/
public abstract class Profile {
/**
* Profile Name
*/
private String name;
/**
* Profile id
*/
private int id;
/**
* Set the name of this profile
* @param name
*/
public void setProfileName(String name) {
this.name = name;
}
/**
* Set the id of this profile
* @param name
*/
public void setIdNumber(int id) {
this.id = id;
}
/**
* Get the name of this profile
*/
public String getProfileName() {
return name;
}
/**
* Get the id of this profile
*/
public int getIdNumber() {
return id;
}
}
My next class is UserProfile
public class UserProfile extends Profile {
/**
* Users password
*/
private char[] password;
/**
* Set User password
* @param password
*/
public void setPassword(char[] password){
this.password = password;
}
/**
* Get User password
*/
public char[] getPassword(){
return password;
}
}
Just looking at this class seems dodgy, it seems totally wrong to be able to retrieve the password like this (Even if the get method is private).
It seems like I will be facing the same problem when making my FingerPrintProfile class as well as that holds a “FingerprintData” Object which inherently also needs to be secure.
Does anybody know of a secure method, or preferably a pattern which people use to solve a scenario such as this one?
Thanks !
Bonus Question
I made the abstract class to provide a template for both types of profile, and it seems there is a common ground between the fingerprint data and the text password. However, it is not possible to make an abstract field “password” which can potentially be a char array or a FingerprintData object. Any ideas??
Use “object thinking” instead. Your current design is not OOP at all. Instead of setting and getting the password you should expose behavior of the profile. For example:
Getters/setters is an anti-pattern in OOP.